In which “Windows Technical Support” scammers call me again

"Justin Roberts" would like to fix my computer remotely.

This weekend, while watching some evening TV with my daughter, I got a phone call. The called ID said the call came from "Red Bank, NJ." I know no one in Red Bank and so was unlikely to be receiving an after-hours call from the place. But I answered out of curiosity anyway and got a young man with a clear Indian accent telling me that he was "Justin Roberts" and that he was calling me from "Windows Technical Support."

I should know by now that the best way to deal with the legions of people peddling this scam is simply to hang up. But the moral crusader in me wants these guys to, at the very least, know that I know what they're doing. Surely some of them will at least get angry or offer half-hearted justifications. Surely some of them will at least care that they are caught out in a scam. But no, they don't. Justin was no exception.

It wasn't his simple insistence on being Justin that offended me—it was the fact that my doubts didn't even anger him. Put yourself in Justin's situation for a moment. You call someone on the phone and they immediately suggest that you are lying about your name. This should not prompt amused protestations that your name is in fact Justin; it should make you angry that someone you don't even know is calling you a liar—and about something as personal as your name. But when you spend your days actually lying about both your name and occupation while attempting to rob total strangers, the accusation no doubt loses its sting. Justin couldn't even muster up the energy to fake outrage at my questioning.

But he didn't hang up, either. Not being schooled in the realities of working in a VoIP-based call center devoted to foreign fraud, I would have assumed the only way to make money would be in volume. The moment someone questions your name in a hostile fashion? Hang up and move on to the next potential mark.

Not Justin. He was happy to keep asserting his Justin-ness until I gave up, then proceeded amiably along the script, telling me that his company had been monitoring my computer and saw that I had downloaded a virus, etc, etc. I told him that I write about these issues for a living and that I had actually covered this well-known scam. This still didn't lead to a hang-up. Justin told me that was just not true and that "Windows Technical Support" was a wholly legitimate business. All of which pushed me to a disturbing conclusion: simply denying reality again and again must actually work on some percentage of targets, even upon those who tell you that they know you are scamming them. It was like watching some kind of postmodern performance art.

It soon became clear that I could tell Justin almost anything—that I knew all about the FTC operation that had shuttered some of these sites, that I had received these calls before, that I was aware of a whole Internet subculture devoted to trolling the scammers—and that he wasn't going to hang up. Curious to see just how far this would go, I told Justin to go rip-off someone else instead and to leave me alone. Even then he didn't hang up right away, giving me a chuckle and a "have a good night, buddy" before signing off. No big deal.

Safe behind his spoofed phone connection and his distance, this was nothing more than a game designed to transfer some cash into Justin's pocket. He wasn't angry about anything I said, nor was he concerned about getting caught. In the end, only one of us was upset by our short conversation—me—because, despite FTC action, Justin was right. There was nothing I could do about any of this, and little chance that anyone else would stop him either. While plenty of people delight in baiting the scammers, some of the scammers must likewise take a perverse pleasure in listening to their angriest targets work themselves up to little effect.

What a strange feeling—two people connecting across the planet, able to speak on the phone and exchange money through credit cards and open computer systems to remote control, yet one can remain so hidden from the other that even brazen scams pose no risk and create no fear. Thanks, Internet + human nature.

Promoted Comments

All of which pushed me to a disturbing conclusion: simply denying reality again and again must actually work on some percentage of targets, even upon those who tell you that they know you are scamming them

This is basic psychology used in persuasion for decades and decades, it was even written about in Mien Kompf in 1925. People are much more likely to believe big lies than small lies, because our instincts tell us that the bigger the lie, the less likely a person would try to tell it. Our subconscious then assumes that if the lie is THAT big, no one would tell it, so it must be the truth.

One of the oddest things I learned when I held direct sales positions for 8 years, was that even though I knew the techniques another salesman was trying to use on me, they still created the same subconscious desires to agree and eventually buy as if I had no idea what he was doing.

Reality is that persuasion techniques work very well, but are completely morally ambivalent. They work just as well when someone is persuading you to better your life as they do when they are trying to scam you. It is an important thing to remember as you go through life.

Adopting an English pseudonym is apparently SOP in the training to work at an outsourced call center. The theory is that giving the customer a name that's easy for them to pronounce will reduce friction; in practice I think it was probably true a few decades ago before the boom in the industry resulted in significantly more jobs to be filled than there were potential employee's who didn't have strong accents to fill them.

one of us was upset by our short conversation—me—because, despite FTC action, Justin was right. There was nothing I could do about any of this, and little chance that anyone else would stop him either.

I would call the FTC's little slap on the wrist "FTC inaction."Until these people start facing criminial charges they have nothing to fear.

Safe behind his spoofed phone connection and his distance, this was nothing more than a game designed to transfer some cash into Justin's pocket. He wasn't angry about anything I said, nor was he concerned about getting caught. In the end, only one of us was upset by our short conversation—me—because, despite FTC action, Justin was right.

You're going overboard in personalizing your interactions with scammers. This isn't about transferring money into "Justin's" pocket or "Justin" being out-of-reach. This is about transferring money into a company (legal or not) that's out of your reach*. Getting angry at drones just doing a job is silly, pointless and irrational. Your first voice was right.... you should have just put the phone down. Your second voice.... your ego, was wrong.

*Unless you have evidence that these scammers are individual operators?

Safe behind his spoofed phone connection and his distance, this was nothing more than a game designed to transfer some cash into Justin's pocket. He wasn't angry about anything I said, nor was he concerned about getting caught. In the end, only one of us was upset by our short conversation—me—because, despite FTC action, Justin was right.

You're going overboard in personalizing your interactions with scammers. This isn't about transferring money into "Justin's" pocket or "Justin" being out-of-reach. This is about transferring money into a company (legal or not) that's out of your reach*. Getting angry at drones just doing a job is silly, pointless and irrational. Your first voice was right.... you should have just put the phone down. Your second voice.... your ego, was wrong.

*Unless you have evidence that these scammers are individual operators?

So, "I'm just following orders" is a legitimate excuse to you for performing illegal activity? If I rob a store for a crime lord, I'm as much (more?) to blame than the crime lord.

...before the boom in the industry resulted in significantly more jobs to be filled than there were potential employee's who didn't have strong accents to fill them.

Every single job in every single industry is staffed by someone that has a strong accent. What has changed is our more frequent exposure to people from regions that have a different accent than our own.

It is sad that this scam is still taking place. Maybe if the useless news media actually told people useful information like how this is a scam instead of worrying about which celebrity is cheating on who or their usual fear mongering of the next big thing that will kill your kids is possibly in your house right now then people would be less likely to be caught in this scam.

But wishful thinking. This sort of thing thrives off of the ignorance of the end user.

How easy can the actual traces of this call be spoofed? Assuming this was an actual call to a cell or land line number, the call must have entered the actual phone network somewhere. The networks aren't likely to accept spoofing, and I suppose this is down straight illegal in the US. At the lower protocol levels (TCAP or similar), the actual endpoint ID should reside. If the caller calls from abroad, I suppose it is easier get such acts set up, but if they are in the US, it should definately be possible to track them (although not by you personally).

How easy can the actual traces of this call be spoofed? Assuming this was an actual call to a cell or land line number, the call must have entered the actual phone network somewhere. The networks aren't likely to accept spoofing, and I suppose this is down straight illegal in the US. At the lower protocol levels (TCAP or similar), the actual endpoint ID should reside. If the caller calls from abroad, I suppose it is easier get such acts set up, but if they are in the US, it should definately be possible to track them (although not by you personally).

That can be a bit less trivial if the call was made via a SIP gateway or whatnot (highly likely in a case like this), since at that point it's only easily traceable up to where it actually hits the PSTN gateway.

All of which pushed me to a disturbing conclusion: simply denying reality again and again must actually work on some percentage of targets, even upon those who tell you that they know you are scamming them

This is basic psychology used in persuasion for decades and decades, it was even written about in Mien Kompf in 1925. People are much more likely to believe big lies than small lies, because our instincts tell us that the bigger the lie, the less likely a person would try to tell it. Our subconscious then assumes that if the lie is THAT big, no one would tell it, so it must be the truth.

One of the oddest things I learned when I held direct sales positions for 8 years, was that even though I knew the techniques another salesman was trying to use on me, they still created the same subconscious desires to agree and eventually buy as if I had no idea what he was doing.

Reality is that persuasion techniques work very well, but are completely morally ambivalent. They work just as well when someone is persuading you to better your life as they do when they are trying to scam you. It is an important thing to remember as you go through life.

So, "I'm just following orders" is a legitimate excuse to you for performing illegal activity? If I rob a store for a crime lord, I'm as much (more?) to blame than the crime lord.

What is Justin's motivation? Is he personally trying to scam you because he loves money and wants to burn you. Or is Justin working a job trying to feed his 6 children, 4 of which have serious medical issues, in a country where most human beings live in poverty despite it being a democracy.

Until you know more about Justin and his motiviation, you cannot post a value directly to his crime. India has lots of poverty and social problems despite being the largest democracy in the world. If a crime lord asks me to rob a store for him, and I have a child with an expensive disease at home sick in bed and I just got laid off from the factory, that's different if just said "oh yeah I hate that shop owner I'd love to stick it to him." Plus there are various shades of grey between those extremes.

If one cannot see the difference between those situations, then one cannot appreciate what economic hardship does to a person.

in the late 90s I was running an Unreal Tournament server from my home for myself and some friends to play on. One night some douche bag broke in and hacked administrative access and started interrupting our games. my request for him to stop only made him more vulgar.

I dont remember how I did it but within an hour, I had managed to find out his name and his location. Some small town in UTAH. I called his local Sheriffs department and told them that he had hacked into a corporate server and that I was going to be pressing charges. Turns out the guy that I was talking to knew the kid, took my number and said he would call me back.

Within an hour, the kid was back on begging me to call off the feds, apologizing and all that. We wanted to know how I found him, which of course I didn't tell him. I warned him that if he ever came near me again, I would have his ass.

Apparently the sheriff went out there pretty much kicked in his door and told him to knock off the shit.

The morale of the story is: DAMNED, I wish it was still that easy to identify these pricks.

There is something you can do to bother him... you can waste as much of his time as possible. Similar to your last experience, you can keep stalling and stalling until his patience wears thin. Time is money and if you're never giving him your credit card, then you're costing him money. Of course it wastes your own time as well, and I assume that you value time with your daughter much more than his time, but at least you might save someone else from getting scammed before that particular group gets shut down.

I'm sure it is just a job to Justin, but that doesn't excuse him. He knows he is scamming people. While he isn't as evil as those running the operation, he is not free from guilt.

Also, to be fair, there are millions of Christians in India, and tradition there is usually to give a "Christian" name (which basically means a British name...like Justin) to your children. While still unlikely, it is possible that his name was actually Justin. Just throwing that out there.

I feel your pain, Nate. I recently started getting fun phone calls on my cell from Romania (40-21-5291213). The person wishes to attempt to help me settle outstanding issues with my AOL account. As you can guess, I don't have an AOL account nor have I ever.

It is sad that this scam is still taking place. Maybe if the useless news media actually told people useful information like how this is a scam instead of worrying about which celebrity is cheating on who or their usual fear mongering of the next big thing that will kill your kids is possibly in your house right now then people would be less likely to be caught in this scam.

But wishful thinking. This sort of thing thrives off of the ignorance of the end user.

The scam has had reasonable coverage over here mainstream media but clearly the reason it can survive is that they don't need many people to fall for it, when you watch people who have recorded the scam all the way through the prices charged for the software that will supposedly fix the machine are in the hundreds despite the software doing nothing. Their operating costs must be virtually nothing so each hooked fish will met them a good few hundred dollars so I assume even if they only get one victim a week or even less it is still highly profitable for them.

My Dad called me the other day to tell me Microsoft were looking for me as I had a virus on my computer, I straight away told him it was a scam and no one from Microsoft would ever call this way but he took a lot of convincing because he was adamant Microsoft had been on the phone and there was a problem with the computer. I dread to think what would have happened if he could have powered up the PC, it isn't that he is an idiot just that he is a terrible technophobe.

They will ask about any computers belonging to anyone else living in the household and failing that any belonging to friends, they are persistent if given the chance - I'm sure it won't be long before they are phoning about infected smartphones.

There is something you can do to bother him... you can waste as much of his time as possible. Similar to your last experience, you can keep stalling and stalling until his patience wears thin. Time is money and if you're never giving him your credit card, then you're costing him money. Of course it wastes your own time as well,

I sometimes do this. When I'm at my desk at home I'm usually working anyway, so I don't waste much of my own time.

I say things like "oh, yes, thank you for calling. Could you just hold on for a second? I just have to finish..."

...and go back to typing. It helps that I use a "clicky" keyboard.

When they ask "sir? Are you still there?" I say things like "oh yes, yes... I just have to finish this ONE... " (type type typity type...)

I don't keep track any more but I'm pretty sure I kept one on the line for over 15 minutes. Got almost the normal amount of work done too.

On the other hand, I got one of these "Windows technical support" calls and decided to derail it. "If you've actually been monitoring my computer you can tell me my IP address. What is it?" ...silence.

Come on internets...there has to be a way to trace this call back to the specific number its calling from.

I would love to be able to be able to tell one of these guys

'So it turns out your real name is (_____) and you're currently working in (_______). Imagine that. I happen to know a relative that owes me a favor there. Ill ask him to drop by'

The latter helps if you already happen to be of Indian background.

Anything can be done, it's really boils down to how many resources does one want to expend to find out. I'm fairly certain a lot has been done by these outfits to obfuscate that information though.

A bit off topic but relating to being anonymous while communicating, I read where it's possible to use Skype over a TOR network. While it sound's good at face value, it find it disturbing that most if not all communications are CALEA compliant. In essence, the keys to having your communications monitored by governments have already been handed over in advance by these businesses.

I got one of these calls here in Canada, same thing in that I was curious, so I took the call. I then proceeded to curse and swear at the poor guy for over 10 minutes. I mean, I really let loose with both barrels ("you dumb F#@@$^ S.O.B., etc."), but that didn't sway him from the script. When repeatedly asked who he worked for it was "Windows Technical Support." I then said, my computer was not even connected to the Internet, and still, he stayed on script. It was only when I said, "I have a Mac" that he said, "Oh." and finally hung up.

You were wasting your time trying to get serious with the scammer, but it may have provided some entertainment value to play along. "Oh, I'm so glad you called, Justin - I *do* have a major computer problem! My Atari 800XL hasn't come on at all for months! What should I do?"

How easy can the actual traces of this call be spoofed? Assuming this was an actual call to a cell or land line number, the call must have entered the actual phone network somewhere. The networks aren't likely to accept spoofing, and I suppose this is down straight illegal in the US. At the lower protocol levels (TCAP or similar), the actual endpoint ID should reside. If the caller calls from abroad, I suppose it is easier get such acts set up, but if they are in the US, it should definately be possible to track them (although not by you personally).

It is actually quite easy to spoof a call trace result, especially if you have any amount of experience working in a telco (telephone company). If you can get into the phone switch remotely (requires physical connection to the phone switch), you can originate a call from any number residing on the phone switch. Alternatively, you can set up a filter in a phone switch that if it handles a call originating from a certain prefix, it displays on a caller ID as coming from a different source than it actually is. Granted, I'm not suggesting some grand conspiracy theory where foreign crime lords have people planted in telco's across the country to aid them in spoofing their phone numbers so they can continue to run this scam, I'm simply stating two different ways to spoof a phone number.